No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
The Second Circuit Court of Appeals upheld the dismissal of a proposed class action against Flipps Media (now Triller TV), ruling that the company did not violate the federal Video Privacy Protection Act (VPPA) by sharing...more
A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no...more
Is there standing to bring a lawsuit when an employee’s personal information is mistakenly circulated to all employees at the company? A recent decision addressed exactly this question. In McMorris v. Carlos Lopez &...more
The Fourth Circuit’s 2017 decision in Beck v. McDonald held that the mere fear of identity theft in the wake of a data breach was insufficient to confer Article III standing. ...more
Wage and Hour - Decision Upholds Class Action Waivers in Arbitration Clauses, Resolves Circuit Split - The U.S. Supreme Court issued a long-awaited decision in Epic Systems Corp. v. Lewis on May 21, 2018, holding that...more
We recently commented on one hotly contested legal issue being addressed by the courts in data breach class action litigation, that of plaintiffs’ standing. Another issue that has been the subject of recent court activity in...more
We’ve already written about Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), in which the Supreme Court reaffirmed that all federal plaintiffs, even those alleging a statutory violation, must have suffered a real, concrete...more
On March 7, 2018, the United States District Court for the District of Minnesota dismissed a putative data breach class action against SuperValu, Inc., because the plaintiffs did not have standing and could not state claims...more
When Derek Gubala subscribed to Time Warner Cable in 2004, he gave it his birth date, home address, home and work phone numbers, social security number, and credit card information. Gubala canceled his subscription in...more
Last week, the Third Circuit held that allegations of the unauthorized disclosure of personal information in violation of the Fair Credit Reporting Act (FCRA) constituted a de facto injury sufficient to confer standing at the...more
Last week, the Internal Revenue Service successfully defeated a putative class action related to a data breach it suffered in 2015. The D.C. District Court’s decision dismissing the suit demonstrates the high bar required to...more
In this edition of our Privacy & Cybersecurity Update, we discuss the revised Privacy Shield and what companies should be doing to prepare for the new program, the FTC's reinstatement of its LabMD case, the European...more
We previously reported that Scottrade was hit with a class action case within 24 hours of notifying customers of a data breach. According to the Complaint, the data compromised included the names, addresses, telephone...more
The United States District Court of Maryland recently dismissed a putative class action alleging that CareFirst’s failure to adequately secure the computer hardware storing their customers’ personal information led to two...more
In August of 2013, four computers of Advocate Health and Hospitals Corporation (Advocate Health) were stolen from one of its offices. The computers contained the names, dates of birth, Social Security numbers, health...more
Continuing the growing trend of dismissing data breach cases when there is no evidence of actual harm, the United States District Court for the District of Nevada last week dismissed a class action case filed against Zappos...more
In 2014, the University of Pittsburgh Medical Center’s computer system was hacked, resulting in the disclosure of sensitive personal information of current and former employees, including names, addresses, birthdates, social...more
A Pennsylvania judge has dismissed a class action arising out of the breach of confidential employee information, adding to a growing body of state courts that have found that negligence claims alleging failure to provide...more
On March 31, 2015, a New Jersey federal judge dismissed a class action lawsuit against Horizon Healthcare Services Inc. alleging the company failed to protect the personal information of thousands of insurance network members...more
After over four years of litigation on the cutting edge of modern Video Privacy Protection Act (“VPPA” or the “Act”) litigation, Magistrate Judge Laurel Beeler of the United States District Court for the Northern District of...more
Yet another federal judge has concluded that an individual whose personal information was allegedly accessed during a data breach lacks standing to sue unless and until there has been a misuse of that personal information or...more
Dismissing a class action based on a data breach, the Southern District of Texas added to the growing number of decisions that find an alleged risk of future identity theft due to a data breach is not an injury that creates...more
A Growing Chorus of Federal Courts Finds User IDs, by themselves, Do Not Count as Personally Identifiable Information under the VPPA Recently, a federal district judge joined a number of his colleagues around the country who...more
On December 10, 2014, a United States District Court in the Northern District of Illinois dismissed the class action complaints filed by two customers of P.F. Chang’s China Bistro who alleged damages resulting from a data...more
On October 8, Georgia Federal District Judge Thomas Thrash, Jr., dismissed a putative class action against The Cartoon Network, Inc., where the plaintiff alleged that the animation company violated the Video Privacy...more